Update flake.nix vendor-hash in a workflow

2026-03-03 01:56:35 +00:00 · 2026-02-14 06:59:08 -05:00
parent 34054180ed
commit 4027784d1d
3 changed files with 59 additions and 4 deletions
--- a/.github/workflows/update-vendor-hash.yml
+++ b/.github/workflows/update-vendor-hash.yml
@@ -0,0 +1,55 @@
+name: Update vendorHash in flake.nix
+
+on:
+  push:
+    paths:
+      - 'go.mod'
+      - 'go.sum'
+  workflow_dispatch:
+
+permissions:
+  contents: write
+
+jobs:
+  update-hash:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: cachix/install-nix-action@v27
+        with:
+          nix_path: nixpkgs=channel:nixpkgs-unstable
+
+      - name: Calculate new vendorHash
+        id: hash
+        run: |
+          # First, set vendorHash to null to get Nix to calculate what it should be
+          sed -i 's/vendorHash = .*/vendorHash = null;/' flake.nix
+          
+          # Try to build and capture the expected hash
+          HASH=$(nix build .#vpngate 2>&1 | grep -oP "sha256-[a-zA-Z0-9+/]+={0,2}" | head -1)
+          
+          if [ -z "$HASH" ]; then
+            echo "Failed to extract hash from build output"
+            exit 1
+          fi
+          
+          echo "hash=$HASH" >> $GITHUB_OUTPUT
+          echo "Calculated hash: $HASH"
+
+      - name: Update flake.nix with correct hash
+        run: |
+          sed -i 's/vendorHash = null;/vendorHash = "${{ steps.hash.outputs.hash }}";/' flake.nix
+
+      - name: Commit and push if changed
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          
+          if git diff --quiet flake.nix; then
+            echo "No changes to commit"
+          else
+            git add flake.nix
+            git commit -m "chore: update vendorHash in flake.nix"
+            git push
+          fi
--- a/flake.lock
+++ b/flake.lock
@@ -20,11 +20,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1763934636,
-        "narHash": "sha256-9glbI7f1uU+yzQCq5LwLgdZqx6svOhZWkd4JRY265fc=",
+        "lastModified": 1770843696,
+        "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "ee09932cedcef15aaf476f9343d1dea2cb77e261",
+        "rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -16,7 +16,7 @@
        pkgs.buildGo125Module rec {
          name = "vpngate";
          src = ./.;
-          vendorHash = "sha256-tVNffrT+r3pA+0pvBaNKsq9K4wkB7WepkuSa1nCWloc=";
+          vendorHash = "sha256-FCYVkLhuVsVhxhjiSWJi02Fr0mhjQMCmHX1n2pjZM+U=";
          nativeBuildInputs = pkgs.lib.optionals pkgs.stdenv.isLinux [ pkgs.makeWrapper ];
          env.CGO_ENABLED = 0;
          doCheck = false;